General
Target: b916cd21d5759f9c2e98aed2297b0d2f0201f8390347856b37e493e808132153.exe
Size: 814KB
Sample: 210727-beqygd4n8x
MD5: 541bb6e026f837faa2b64b31b0a2ec0c
SHA1: 1cd6d3ceae4177bba8add5ef473b80edb6bc55d3
SHA256: b916cd21d5759f9c2e98aed2297b0d2f0201f8390347856b37e493e808132153
SHA512: 2c880847e2fbf0f221eeae08c8997ad9b36c8f32e00d93ca3fdf9283bf895160378f3839770643353bb2fdccf7a529f02040881efef7d5cb2b91732c66ccede9
Static task: static1
Behavioral task: behavioral1
Sample: b916cd21d5759f9c2e98aed2297b0d2f0201f8390347856b37e493e808132153.exe
Resource: win7v20210408
Malware Config
Extracted
lokibot
http://192.236.179.121/new/zubby/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Suspicious use of SetThreadContext